1) Field of the Invention
The present invention relates to a technique for preventing fraud registration when, for example, biological information is to be registered with respect to a user authentication system in a banking institution.
2) Description of the Related Art
In recent years, in a banking institution and the like, user authentication systems for authenticating users using biological information become widespread as shown in Japanese Patent Applications Laid-Open No 2001-118066 and 2002-342289 for example. Examples of the biological information are fingerprint, palm print, finger shape, palm shape, voice, retina, iris, face image, dynamic signature, blood vessel pattern, and key stroke.
According to such a user authentication system, an operator operates a processing terminal in an office such as a branch office of a banking institution, and biological information of a customer (registrant) is registered. One example of procedure of the operator to register the biological information of the customer in the user authentication system will be explained.
First, if a customer comes to the office and opens a new account, an operator of the office carries out registration of card application using the processing terminal. At the time of this card application registration, the operator authenticates the customer by his or her identification card or the like, inputs customer information which is necessary for opening the account or applying the card into the processing terminal, and the input information is sent to a management center which collectively manages the customer information of each office. Prior to the operation of the processing terminal, the operator logs in to the processing terminal using an operator card or the like.
In the management center, the customer information which was input by the processing terminal is registered in a database, a request for issuing an IC card is sent, together with a portion of the customer information, to a card issuing center which issues the customer card (IC card). In the card issuing center, customer information such as account information is written in the customer card, and the customer card in which the customer information is written is directly sent to the customer from the card issuing center.
The biological information is not registered in the customer card sent from the card issuing center. If the customer card needs to be used for biological authentication, the customer needs to bring the customer card to the office again and to register the biological information of the customer.
The customer who brought the customer card shows his or her IC card to the operator, and the operator sees the IC card and inputs biological information using an input device of the office. The operator carries out the registration operation using the biological information which is input to the input device, the biological information of the customer is registered in the customer card and the management center, and the biological information of the customer can be used for user authentication.
When the biological information of the customer is registered in the customer card or the management center in accordance with the above-described procedure, it is possible to register the biological information in a fraud manner by the operator's operation. For example, the operator can hand over an off-line input device to the customer, and can input the operator's own biological information to the input device which is on-line connected, or the operator obtains, in some way, a card of the customer in which biological information is not yet registered and carries out the registration operation of the operator's own biological information in the obtained customer card, and the operator can register his or her own biological information in the customer card, or a person who can control the system like the operator can register the biological information of his or her own instead of biological information of the customer in the fraud manner.
There is a problem that the customer card which is registered in the fraud manner can be authenticated using the biological information of the operator, and the operator who registered in the fraud manner can use the customer card in the fraud manner.